Look Before You Scan: How You Can Use QR Codes Safely and Productively
As a company whose product is the QR code, we know a lot about its capabilities, especially in connecting the physical and digital worlds. Scanning a QR code on a product, billboard, or even a TV screen can lead to a wide range of destinations, including a brand website or a reorder page.
Because of the accessibility and versatility of QR codes, they have become an incredibly useful tool for brands and marketers to reach and interact with more customers. Brands are using QR codes for multiple use cases, from increased brand transparency to product registrations and warranty activations.
However, we also know that such accessibility and universality enable scammers to exploit QR codes in phishing attacks. These attackers embed QR codes that link to a malicious site in emails or high-traffic locations, hoping that unsuspecting users scan the QR code.
QR code-related phishing attacks are still rare, but as scammers find more ways to deceive users through QR codes, user awareness and secure technology become key ways to ensure safety.
Our Chief Technology Officer Zack Morrison provides deeper insight into the security of scanning QR codes, and how users can use them safely:
Q: What makes scanning QR codes a security risk?
A: It is not that scammers fake QR codes, but instead these scammers direct the QR code to a fraudulent site. Scammers may put QR codes in a public place, like on a table in a restaurant, in hopes that the victim assumes that the QR code was put up by the actual business owner.
Q: How can users check if a QR code is safe?
A: The easiest way to spot a fraudulent QR code is to consider if the code looks out of place.
In the restaurant example, if the QR code is printed on highly visible, branded coasters with the restaurant's name for example, then it is more likely to be legitimate. For products, if the QR code is printed directly on a product's packaging or on materials that are included inside the product's box, it is very unlikely that the QR code is fraudulent.
If you are still in doubt, you should ask someone from the business directly about the QR code in question.
The easiest way to spot a fraudulent QR code is to consider if the code looks out of place.
Q: What are some best practices against scanning a fraudulent QR code?
A: The best practice for ensuring that a QR code is legit is to use a critical eye to identify potential fraudulent codes before even scanning.
After scanning, you should look at the preview URL that will display on your phone camera screen to see if the URL that the code is pointing to seems safe (NOTE: many businesses will used shortened links to keep the QR codes simple, so don't be surprised if the name of the business does not show up in the preview).
Finally, when you land on the website, examine the page again with your critical eye. Is the name or logo of the expected business visible? Am I being asked to enter sensitive personal information like credit card or social security numbers? If anything looks out of place it would be best to check with the business before giving up personal information or making a purchase.
How Brij Ensures Secure QR Code Experiences
Beyond user awareness, another way to ensure secure QR code experiences—and ultimately build trust with customers— is to power QR codes with Brij. With a generic dynamic QR code service or link shortener, scammers can create QR codes that link to fraudulent sites. Brij ensures security and safety with moderated experiences.
“Because Brij controls every experience that is built on brij.it, consumers can know that any URL from brij.it is managed by a verified brand and will therefore only route users to content that is sanctioned by that brand,” Morrison said.
If you have any further questions about QR code safety, reach out to us in the chat to get an answer directly from Zack.